<head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
<title>kali工具箱</title>
<script src="./static/bootstrap.min.js"></script>
<link rel="stylesheet" href="./static/main.css">
<link rel="stylesheet" href="./static/bootstrap.min.css">
<style type="text/css" id="syntaxhighlighteranchor"></style>
</head>
<main class="main-container ng-scope" ng-view="">
<div class="main receptacle post-view ng-scope">
<article class="entry ng-scope" ng-controller="EntryCtrl" ui-lightbox="">
<section class="entry-content ng-binding" ng-bind-html="postContentTrustedHtml">
<section class="l-section"><div class="l-section-h i-cf"><h2>SIPVicious Package Description</h2>
<p style="text-align: justify;">SIPVicious suite is a set of tools that can be used to audit SIP based VoIP systems. It currently consists of four tools:. svmap – this is a sip scanner. Lists SIP devices found on an IP range svwar – identifies active extensions on a PBX svcrack – an online password cracker for SIP PBX svreport – manages sessions and exports reports to various formats svcrash – attempts to stop unauthorized svwar and svcrack scans.</p>
<p>Source: https://code.google.com/p/sipvicious/<br>
<a hef="http://code.google.com/p/sipvicious/" variation="deepblue" target="blank">SIPVicious Homepage</a> | <a href="http://git.kali.org/gitweb/?p=packages/sipvicious.git;a=summary" variation="deepblue" target="blank">Kali SIPVicious Repo</a></p>
<ul>
<li>Author: Sandro Gauci</li>
<li>License: GPLv2</li>
</ul>
<h3>Tools included in the sipvicious package</h3>
<h5>svcrack – Online password cracker for SIP PBX</h5>
<code><a class="__cf_email__" href="/cdn-cgi/l/email-protection" data-cfemail="96e4f9f9e2d6fdf7faff">[email&#160;protected]</a><script data-cfhash='f9e31' type="text/javascript">/* <![CDATA[ */!function(t,e,r,n,c,a,p){try{t=document.currentScript||function(){for(t=document.getElementsByTagName('script'),e=t.length;e--;)if(t[e].getAttribute('data-cfhash'))return t[e]}();if(t&&(c=t.previousSibling)){p=t.parentNode;if(a=c.getAttribute('data-cfemail')){for(e='',r='0x'+a.substr(0,2)|0,n=2;a.length-n;n+=2)e+='%'+('0'+('0x'+a.substr(n,2)^r).toString(16)).slice(-2);p.replaceChild(document.createTextNode(decodeURIComponent(e)),c)}p.removeChild(t)}}catch(u){}}()/* ]]> */</script>:~# svcrack -h<br>
Usage: svcrack -u username [options] target<br>
examples:<br>
svcrack -u100 -d dictionary.txt 10.0.0.1<br>
svcrack -u100 -r1-9999 -z4 10.0.0.1<br>
<br>
<br>
Options:<br>
  --version             show program's version number and exit<br>
  -h, --help            show this help message and exit<br>
  -v, --verbose         Increase verbosity<br>
  -q, --quiet           Quiet mode<br>
  -p PORT, --port=PORT  Destination port or port ranges of the SIP device - eg<br>
                        -p5060,5061,8000-8100<br>
  -P PORT, --localport=PORT<br>
                        Source port for our packets<br>
  -x IP, --externalip=IP<br>
                        IP Address to use as the external ip. Specify this if<br>
                        you have multiple interfaces or if you are behind NAT<br>
  -b BINDINGIP, --bindingip=BINDINGIP<br>
                        By default we bind to all interfaces. This option<br>
                        overrides that and binds to the specified ip address<br>
  -t SELECTTIME, --timeout=SELECTTIME<br>
                        This option allows you to trottle the speed at which<br>
                        packets are sent. Change this if you're losing<br>
                        packets. For example try 0.5.<br>
  -R, --reportback      Send the author an exception traceback. Currently<br>
                        sends the command line parameters and the traceback<br>
  -A, --autogetip       Automatically get the current IP address. This is<br>
                        useful when you are not getting any responses back due<br>
                        to SIPVicious not resolving your local IP.<br>
  -s NAME, --save=NAME  save the session. Has the benefit of allowing you to<br>
                        resume a previous scan and allows you to export scans<br>
  --resume=NAME         resume a previous scan<br>
  -c, --enablecompact   enable compact mode. Makes packets smaller but<br>
                        possibly less compatible<br>
  -u USERNAME, --username=USERNAME<br>
                        username to try crack<br>
  -d DICTIONARY, --dictionary=DICTIONARY<br>
                        specify a dictionary file with passwords<br>
  -r RANGE, --range=RANGE<br>
                        specify a range of numbers. example:<br>
                        100-200,300-310,400<br>
  -e EXTENSION, --extension=EXTENSION<br>
                        Extension to crack. Only specify this when the<br>
                        extension is different from the username.<br>
  -z PADDING, --zeropadding=PADDING<br>
                        the number of zeros used to padd the password.<br>
                        the options "-r 1-9999 -z 4" would give 0001 0002 0003<br>
                        ... 9999<br>
  -n, --reusenonce      Reuse nonce. Some SIP devices don't mind you reusing<br>
                        the nonce (making them vulnerable to replay attacks).<br>
                        Speeds up the cracking.<br>
  -T TEMPLATE, --template=TEMPLATE<br>
                        A format string which allows us to specify a template<br>
                        for the extensions                       example<br>
                        svwar.py -e 1-999 --template="123%#04i999" would scan<br>
                        between 1230001999 to 1230999999"<br>
  --maximumtime=MAXIMUMTIME<br>
                        Maximum time in seconds to keep sending requests<br>
                        without                       receiving a response<br>
                        back<br>
  -D, --enabledefaults  Scan for default / typical passwords such as<br>
                        1000,2000,3000 ... 1100, etc. This option is off by<br>
                        default.                       Use --enabledefaults to<br>
                        enable this functionality<br>
  --domain=DOMAIN       force a specific domain name for the SIP message, eg.<br>
                        -d example.org</code>
<h3>svcrash – Attempts to stop unauthorized svwar and svcrack scans</h3>
<code><a class="__cf_email__" href="/cdn-cgi/l/email-protection" data-cfemail="35475a5a41755e54595c">[email&#160;protected]</a><script data-cfhash='f9e31' type="text/javascript">/* <![CDATA[ */!function(t,e,r,n,c,a,p){try{t=document.currentScript||function(){for(t=document.getElementsByTagName('script'),e=t.length;e--;)if(t[e].getAttribute('data-cfhash'))return t[e]}();if(t&&(c=t.previousSibling)){p=t.parentNode;if(a=c.getAttribute('data-cfemail')){for(e='',r='0x'+a.substr(0,2)|0,n=2;a.length-n;n+=2)e+='%'+('0'+('0x'+a.substr(n,2)^r).toString(16)).slice(-2);p.replaceChild(document.createTextNode(decodeURIComponent(e)),c)}p.removeChild(t)}}catch(u){}}()/* ]]> */</script>:~# svcrash -h<br>
WARNING: No route found for IPv6 destination :: (no default route?)<br>
Usage: svcrash [options]<br>
<br>
Options:<br>
  --version        show program's version number and exit<br>
  -h, --help       show this help message and exit<br>
  --auto           Automatically send responses to attacks<br>
  --astlog=ASTLOG  Path for the asterisk full logfile<br>
  -d IPADDR        specify attacker's ip address<br>
  -p PORT          specify attacker's port<br>
  -b               bruteforce the attacker's port</code>
<h3>svreport – Manages sessions and exports reports to various formats</h3>
<code><a class="__cf_email__" href="/cdn-cgi/l/email-protection" data-cfemail="fe8c91918abe959f9297">[email&#160;protected]</a><script data-cfhash='f9e31' type="text/javascript">/* <![CDATA[ */!function(t,e,r,n,c,a,p){try{t=document.currentScript||function(){for(t=document.getElementsByTagName('script'),e=t.length;e--;)if(t[e].getAttribute('data-cfhash'))return t[e]}();if(t&&(c=t.previousSibling)){p=t.parentNode;if(a=c.getAttribute('data-cfemail')){for(e='',r='0x'+a.substr(0,2)|0,n=2;a.length-n;n+=2)e+='%'+('0'+('0x'+a.substr(n,2)^r).toString(16)).slice(-2);p.replaceChild(document.createTextNode(decodeURIComponent(e)),c)}p.removeChild(t)}}catch(u){}}()/* ]]> */</script>:~# svreport -h<br>
Usage: svreport [command] [options]<br>
<br>
Supported commands:<br>
<br>
                - list: lists all scans<br>
<br>
                - export:   exports the given scan to a given format<br>
<br>
                - delete:   deletes the scan<br>
<br>
                - stats:    print out some statistics of interest<br>
<br>
                - search:   search for a specific string in the user agent (svmap)<br>
<br>
examples:<br>
<br>
      svreport.py list<br>
<br>
      svreport.py export -f pdf -o scan1.pdf -s scan1<br>
<br>
      svreport.py delete -s scan1<br>
<br>
<br>
<br>
Options:<br>
  --version             show program's version number and exit<br>
  -h, --help            show this help message and exit<br>
  -v, --verbose         Increase verbosity<br>
  -q, --quiet           Quiet mode<br>
  -t SESSIONTYPE, --type=SESSIONTYPE<br>
                        Type of session. This is usually either svmap, svwar<br>
                        or svcrack. If not set I will try to find the best<br>
                        match<br>
  -s SESSION, --session=SESSION<br>
                        Name of the session<br>
  -f FORMAT, --format=FORMAT<br>
                        Format type. Can be stdout, pdf, xml, csv or txt<br>
  -o OUTPUTFILE, --output=OUTPUTFILE<br>
                        Output filename<br>
  -n                    Do not resolve the ip address<br>
  -c, --count           Used togather with 'list' command to count the number<br>
                        of entries</code>
<h3>svmap – Lists SIP devices found on an IP range</h3>
<code><a class="__cf_email__" href="/cdn-cgi/l/email-protection" data-cfemail="8af8e5e5fecae1ebe6e3">[email&#160;protected]</a><script data-cfhash='f9e31' type="text/javascript">/* <![CDATA[ */!function(t,e,r,n,c,a,p){try{t=document.currentScript||function(){for(t=document.getElementsByTagName('script'),e=t.length;e--;)if(t[e].getAttribute('data-cfhash'))return t[e]}();if(t&&(c=t.previousSibling)){p=t.parentNode;if(a=c.getAttribute('data-cfemail')){for(e='',r='0x'+a.substr(0,2)|0,n=2;a.length-n;n+=2)e+='%'+('0'+('0x'+a.substr(n,2)^r).toString(16)).slice(-2);p.replaceChild(document.createTextNode(decodeURIComponent(e)),c)}p.removeChild(t)}}catch(u){}}()/* ]]> */</script>:~# svmap -h<br>
Usage: svmap [options] host1 host2 hostrange<br>
Scans for SIP devices on a given network<br>
<br>
examples:<br>
<br>
svmap 10.0.0.1-10.0.0.255 172.16.131.1 sipvicious.org/22 10.0.1.1/241.1.1.1-20 1.1.2-20.* 4.1.*.*<br>
<br>
svmap -s session1 --randomize 10.0.0.1/8<br>
<br>
svmap --resume session1 -v<br>
<br>
svmap -p5060-5062 10.0.0.3-20 -m INVITE<br>
<br>
<br>
<br>
Options:<br>
  --version             show program's version number and exit<br>
  -h, --help            show this help message and exit<br>
  -v, --verbose         Increase verbosity<br>
  -q, --quiet           Quiet mode<br>
  -p PORT, --port=PORT  Destination port or port ranges of the SIP device - eg<br>
                        -p5060,5061,8000-8100<br>
  -P PORT, --localport=PORT<br>
                        Source port for our packets<br>
  -x IP, --externalip=IP<br>
                        IP Address to use as the external ip. Specify this if<br>
                        you have multiple interfaces or if you are behind NAT<br>
  -b BINDINGIP, --bindingip=BINDINGIP<br>
                        By default we bind to all interfaces. This option<br>
                        overrides that and binds to the specified ip address<br>
  -t SELECTTIME, --timeout=SELECTTIME<br>
                        This option allows you to trottle the speed at which<br>
                        packets are sent. Change this if you're losing<br>
                        packets. For example try 0.5.<br>
  -R, --reportback      Send the author an exception traceback. Currently<br>
                        sends the command line parameters and the traceback<br>
  -A, --autogetip       Automatically get the current IP address. This is<br>
                        useful when you are not getting any responses back due<br>
                        to SIPVicious not resolving your local IP.<br>
  -s NAME, --save=NAME  save the session. Has the benefit of allowing you to<br>
                        resume a previous scan and allows you to export scans<br>
  --resume=NAME         resume a previous scan<br>
  -c, --enablecompact   enable compact mode. Makes packets smaller but<br>
                        possibly less compatible<br>
  --randomscan          Scan random IP addresses<br>
  -i scan1, --input=scan1<br>
                        Scan IPs which were found in a previous scan. Pass the<br>
                        session name as the argument<br>
  -I scan1, --inputtext=scan1<br>
                        Scan IPs from a text file - use the same syntax as<br>
                        command line but with new lines instead of commas.<br>
                        Pass the file name as the argument<br>
  -m METHOD, --method=METHOD<br>
                        Specify the request method - by default this is<br>
                        OPTIONS.<br>
  -d, --debug           Print SIP messages received<br>
  --first=FIRST         Only send the first given number of messages (i.e.<br>
                        usually used to scan only X IPs)<br>
  -e EXTENSION, --extension=EXTENSION<br>
                        Specify an extension - by default this is not set<br>
  --randomize           Randomize scanning instead of scanning consecutive ip<br>
                        addresses<br>
  --srv                 Scan the SRV records for SIP on the destination domain<br>
                        name.The targets have to be domain names - example.org<br>
                        domain1.com<br>
  --fromname=FROMNAME   specify a name for the from header</code>
<h3>svwar – Identifies active extensions on a PBX</h3>
<code><a class="__cf_email__" href="/cdn-cgi/l/email-protection" data-cfemail="b5c7dadac1f5ded4d9dc">[email&#160;protected]</a><script data-cfhash='f9e31' type="text/javascript">/* <![CDATA[ */!function(t,e,r,n,c,a,p){try{t=document.currentScript||function(){for(t=document.getElementsByTagName('script'),e=t.length;e--;)if(t[e].getAttribute('data-cfhash'))return t[e]}();if(t&&(c=t.previousSibling)){p=t.parentNode;if(a=c.getAttribute('data-cfemail')){for(e='',r='0x'+a.substr(0,2)|0,n=2;a.length-n;n+=2)e+='%'+('0'+('0x'+a.substr(n,2)^r).toString(16)).slice(-2);p.replaceChild(document.createTextNode(decodeURIComponent(e)),c)}p.removeChild(t)}}catch(u){}}()/* ]]> */</script>:~# svwar -h<br>
Usage: svwar [options] target<br>
examples:<br>
svwar -e100-999 10.0.0.1<br>
svwar -d dictionary.txt 10.0.0.2<br>
<br>
<br>
Options:<br>
  --version             show program's version number and exit<br>
  -h, --help            show this help message and exit<br>
  -v, --verbose         Increase verbosity<br>
  -q, --quiet           Quiet mode<br>
  -p PORT, --port=PORT  Destination port or port ranges of the SIP device - eg<br>
                        -p5060,5061,8000-8100<br>
  -P PORT, --localport=PORT<br>
                        Source port for our packets<br>
  -x IP, --externalip=IP<br>
                        IP Address to use as the external ip. Specify this if<br>
                        you have multiple interfaces or if you are behind NAT<br>
  -b BINDINGIP, --bindingip=BINDINGIP<br>
                        By default we bind to all interfaces. This option<br>
                        overrides that and binds to the specified ip address<br>
  -t SELECTTIME, --timeout=SELECTTIME<br>
                        This option allows you to trottle the speed at which<br>
                        packets are sent. Change this if you're losing<br>
                        packets. For example try 0.5.<br>
  -R, --reportback      Send the author an exception traceback. Currently<br>
                        sends the command line parameters and the traceback<br>
  -A, --autogetip       Automatically get the current IP address. This is<br>
                        useful when you are not getting any responses back due<br>
                        to SIPVicious not resolving your local IP.<br>
  -s NAME, --save=NAME  save the session. Has the benefit of allowing you to<br>
                        resume a previous scan and allows you to export scans<br>
  --resume=NAME         resume a previous scan<br>
  -c, --enablecompact   enable compact mode. Makes packets smaller but<br>
                        possibly less compatible<br>
  -d DICTIONARY, --dictionary=DICTIONARY<br>
                        specify a dictionary file with possible extension<br>
                        names<br>
  -m OPTIONS, --method=OPTIONS<br>
                        specify a request method. The default is REGISTER.<br>
                        Other possible methods are OPTIONS and INVITE<br>
  -e RANGE, --extensions=RANGE<br>
                        specify an extension or extension range  example: -e<br>
                        100-999,1000-1500,9999<br>
  -z PADDING, --zeropadding=PADDING<br>
                        the number of zeros used to padd the username.<br>
                        the options "-e 1-9999 -z 4" would give 0001 0002 0003<br>
                        ... 9999<br>
  --force               Force scan, ignoring initial sanity checks.<br>
  -T TEMPLATE, --template=TEMPLATE<br>
                        A format string which allows us to specify a template<br>
                        for the extensions                       example<br>
                        svwar.py -e 1-999 --template="123%#04i999" would scan<br>
                        between 1230001999 to 1230999999"<br>
  -D, --enabledefaults  Scan for default / typical extensions such as<br>
                        1000,2000,3000 ... 1100, etc. This option is off by<br>
                        default.                       Use --enabledefaults to<br>
                        enable this functionality<br>
  --maximumtime=MAXIMUMTIME<br>
                        Maximum time in seconds to keep sending requests<br>
                        without                       receiving a response<br>
                        back<br>
  --domain=DOMAIN       force a specific domain name for the SIP message, eg.<br>
                        -d example.org<br>
  --debug               Print SIP messages received</code>
<h3>svmap Usage Example</h3>
<p>Scan the given network range <b><i>(192.168.1.0/24)</i></b> and display verbose output <b><i>(-v)</i></b>:</p>
<code><a class="__cf_email__" href="/cdn-cgi/l/email-protection" data-cfemail="582a37372c1833393431">[email&#160;protected]</a><script data-cfhash='f9e31' type="text/javascript">/* <![CDATA[ */!function(t,e,r,n,c,a,p){try{t=document.currentScript||function(){for(t=document.getElementsByTagName('script'),e=t.length;e--;)if(t[e].getAttribute('data-cfhash'))return t[e]}();if(t&&(c=t.previousSibling)){p=t.parentNode;if(a=c.getAttribute('data-cfemail')){for(e='',r='0x'+a.substr(0,2)|0,n=2;a.length-n;n+=2)e+='%'+('0'+('0x'+a.substr(n,2)^r).toString(16)).slice(-2);p.replaceChild(document.createTextNode(decodeURIComponent(e)),c)}p.removeChild(t)}}catch(u){}}()/* ]]> */</script>:~# svmap 192.168.1.0/24 -v<br>
INFO:DrinkOrSip:trying to get self ip .. might take a while<br>
INFO:root:start your engines<br>
INFO:DrinkOrSip:Looks like we received a SIP request from 192.168.1.202:5060<br>
INFO:DrinkOrSip:Looks like we received a SIP request from 192.168.1.202:5060<br>
INFO:DrinkOrSip:Looks like we received a SIP request from 192.168.1.202:5060</code>
</div></section><div style="display:none">
<script src="//s11.cnzz.com/z_stat.php?id=1260038378&web_id=1260038378" language="JavaScript"></script>
</div>
</main></body></html>
